[jboss-jira] [JBoss JIRA] (WFLY-9914) Server reload breaks security context
Harald Wellmann (JIRA)
issues at jboss.org
Mon Feb 26 14:34:00 EST 2018
Harald Wellmann created WFLY-9914:
-------------------------------------
Summary: Server reload breaks security context
Key: WFLY-9914
URL: https://issues.jboss.org/browse/WFLY-9914
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Final
Environment: Ubuntu 16.04 LTS, Oracle JDK 1.8.0_161
Reporter: Harald Wellmann
Assignee: Darran Lofthouse
h3. Summary
A minimal example webapp using Soteria and DeltaSpike Security works as expected when first deployed to WildFly.
After issuing a {{reload}} command via {{jboss-cli.sh}}, the application no longer works, since no groups are associated to the caller principal.
The problem no longer occurs after a server shutdown and restart.
h3. Details
{noformat}
# Start server
$ ${JBOSS_HOME}/bin/standalone.sh
# Build and deploy demo
$ git clone https://github.com/hwellmann/security-demo.git
$ cd security-demo
$ mvn deploy
# Request protected resource
$ curl -u operator:secret http://localhost:8080/api/version
{"version":1}
# Reload server
$ ${JBOSS_HOME}/bin/jboss-cli.sh -c --command=:reload
# Issue same request, access denied
$ curl -u operator:secret http://localhost:8080/api/version
{"message":"requested access to the resource is denied"}
{noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list